A conversation about security

April 2013 Information Security

Craig Rosewarne
Craig Rosewarne

The person who is probably most in touch with the state of information security in South Africa is Craig Rosewarne, MD of Wolfpack Information Risk and founder and chairperson of the Information Security Group of Africa (ISGA). Rosewarne deals with both private and public organisations in his efforts to increase their level of information security awareness and preparedness.

And while he says the awareness is growing, he still comes across situations where organisations are poorly prepared to deal with the current wave of cyber crime, never mind what the future holds. The publication Wolfpack brought out past year, The South African Cyber Threat Barometer estimates that R2.65 billion was lost to cyber crime in the period from January 2011 to August 2012, with just over R660 million that was not recovered. The publication is downloadable at www.securitysa.com/*infosec5.

And that is not considering the other cyber crimes, such as cyber espionage faced on a national level, and the theft of intellectual property and business strategy that has been widely publicised of late in the USA. As the article introducing this section notes, South African companies and the government are naïve if they think the cyber villains are going to pass this country by.

One of the greatest flaws in South Africa is a lack of a response mechanism to cyber attacks. We have a few private companies that can initiate a response to a commercial attack, but no national organisation to deal with the threat and despite previous talk of developing a CERT (Computer Emergency Readiness Team) for the country, it seems this has been put on the back burner.

Rosewarne is also a concerned about the lack of security skills in South Africa, both in the private and public sectors and is looking for ways in which business can work together to overcome this problem. He has already been instrumental in promoting SANS training and certifications on the continent. He admits, however, that much more is needed.

RSA 2013 Conference

Rosewarne attended the recent RSA conference and gave Hi-Tech Security Solutions a few pointers on what was discussed. The conference was attended by over 27 000 people and featured over 250 talks, giving the attendees over 20 tracks per session to choose from.

In facing the information security threats the world is threatened by, the conference highlighted the following key themes, among others:

* Big data analytics has arrived. Arthur Coviello, RSA executive chairman, said, “Caesar recognised the omens, he just did not think they applied to him. Big technology data is here – embrace it.”

* Ensure you implement and test incident response capabilities.

* Develop deep technical information security skills.

* Obtain threat intelligence from as many sources as you can.

* Focus less on ‘tick-box’ assessments and put more effort into implementation.

* Establish multiple internal and external partnerships.

Notable notes

Among the notable presentations, Rosewarne highlighted a few that stood out, although he notes that they were all well worth listening to.

Ari Juels from RSA moderated a cryptographer’s panel with some well-known gurus in the field, including Ron Rivest, Whitfield Diffie, Adi Shamir and Dan Boneh. One of the topics discussed was security and cryptography education. Stanford offers their crypto class online via massive open online courses (MOOC). Its last intake was over 150 000 students with the largest registrations after the USA being China and India.

According to these experts, cryptography as a discipline is under strain and strangely becoming less relevant today. This is because intelligence agencies are often able to bypass encryption and APTs, sometimes buried within networks for years, simply have to wait for a key to be used in the decryption stage and they are in.

A panel discussion on the CSIS 20 Critical Security Controls discussed a new standard of due care for cyber security. “The Twenty Critical Security Controls have already begun to transform security in government agencies and other large enterprises by focusing their spending on the key controls that block known attacks and find the ones that get through.” (Source: http://www.sans.org/critical-security-controls.)

On the panel, Ed Skoudis said, “we ran an exercise of analysing all the large scale breach cases we have investigated. After mapping them to the 20 controls we are confident that had the companies implemented the controls these breaches would have been prevented.”

Of course, most companies do not have the 20 controls in place and are still suffering breaches. When looking at enterprise impact investigations, the consensus is that many companies do not conduct a thorough investigation following a breach. If systems are not reviewed in detail and the threats mitigated, they will return. Regulators have also changed their attitudes regarding investigations and insist that more detailed reviews take place.

Finally, although there was much more to see and hear at the conference, Rosewarne ends with a list of which functions should be part of a crisis management team.

* An experienced public relations firm.

* Legal experts.

* Board involvement needed to support and respond.

* Intelligence gathering analysts.

* Incident response professionals.

* Forensic investigators.

* Malware analysts.

* Network traffic monitoring staff.

* Data analysis service, and

* Breach notification management and business support teams.

These types of services are seldom offered by one company, therefore ensure you have the necessary partnerships in place before an incident happens, advises Rosewarne.



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Upgrade your PCs to improve security
Information Security Infrastructure
Truly secure technology today must be designed to detect and address unusual activity as it happens, wherever it happens, right down to the BIOS and silicon levels.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
DeepSneak deception
Information Security News & Events
Kaspersky Global Research & Analysis researchers have discovered a new malicious campaign which is distributing a Trojan through a fake DeepSeek-R1 Large Language Model (LLM) app for PCs.

Read more...
SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...
Almost 50% of companies choose to pay the ransom
News & Events Information Security
This year’s Sophos State of Ransomware 2025 report found that nearly 50% of companies paid the ransom to get their data back, the second-highest rate of ransom payment for ransom demands in six years.

Read more...
Survey highlights cost of cyberdamage to industrial companies
Kaspersky Information Security News & Events
The majority of industrial organisations estimate their financial losses caused by cyberattacks to be over $1 million, while almost one in four report losses exceeding $5 million, and for some, it surpasses $10 million.

Read more...
Digital economy needs an agile approach to cybersecurity
Information Security News & Events
South Africa is the most targeted country in Africa when it comes to infostealer and ransomware attacks. Being at the forefront of the continent’s digital transformation puts South Africa in the crosshairs for sophisticated cyberattacks

Read more...
SIEM rule threat coverage validation
Information Security News & Events
New AI-detection engineering assistant from Cymulate automates SIEM rule validation for SecOps and blue teams by streamlining threat detection engineering with automated testing, control integrations and enhanced detections.

Read more...
Cybersecurity a challenge in digitalising OT
Kaspersky Information Security Industrial (Industry)
According to a study by Kaspersky and VDC Research on securing operational technology environments, the primary risks are inadequate security measures, insufficient resources allocated to OT cybersecurity, challenges surrounding regulatory compliance, and the complexities of IT/OT integration.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.